Canary Exploit tool for CVE-2025-30065 Apache Parquet Avro Vulnerability www.f5.com/labs/arti…

On April 1st, 2025, CVE-2025-30065 was published, although rumors had been swirling on various platforms for several days before about a very high severity security issue with Apache Parquet, leading to much consternation within the IT community. F5 began receiving calls from worried customers asking questions about this vulnerability in their own systems as early as March 29th, three days before it was publicly disclosed. At this time very little was known about the issue, only that it was possibly very serious.

As it turned out, CVE-2025-30065 was issued as a CVSS 10.0 (Critical) vulnerability in Apache Parquet Java. Patches were immediately issued, customers were able to assess their exposure, and the attention seen previously began to wane. We decided to take a closer look at this issue, because PoCs in circulation either did not work or appeared to us to be of little offensive utility.